Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

Fedora 28: FEDORA-2018-5acdf115df critical: Mosquitto ACL Bypass

fedora
Calendar Grey December 27, 2018
Dist Fedora Esm H88
The latest Fedora 30 release of Mosquitto 1.6.7 addresses a potential vulnerability in the ACL mechanism, boosting overall safety measures.
Update to new upstream version 1.5.5 (rhbz#1660413, rhbz#1660414)

Summary

Mosquitto is an open source message broker that implements the MQ Telemetry

Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method

of carrying out messaging using a publish/subscribe model. This makes it

suitable for "machine to machine" messaging such as with low power sensors

or mobile devices such as phones, embedded computers or micro-controllers

like the Arduino.

Update to new upstream version 1.5.5 (rhbz#1660413, rhbz#1660414)

* Tue Dec 18 2018 Fabian Affolter - 1.5.5-1

- Update to new upstream version 1.5.5 (rhbz#1660413, rhbz#1660414)

* Fri Nov 9 2018 Fabian Affolter - 1.5.4-2

- Update to new upstream version 1.5.4

* Sun Oct 14 2018 Peter Robinson 1.5.3-1

- 1.5.3 release

* Thu Sep 20 2018 Fabian Affolter - 1.5.2-2

- Use WITH_BUNDLED_DEPS=no

* Thu Sep 20 2018 Fabian Affolter - 1.5.2-1

- Update to new upstream version 1.5.2

* Mon Aug 20 2018 Peter Robinson 1.5.1-1

- 1.5.1 release

* Fri Jul 20 2018 John W. Linville - 1.5-5

- Add previously unnecessary BuildRequires for gcc-c++

* Fri Jul 13 2018 Fedora Release Engineering - 1.5-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Sat May 26 2018 Rich Mattes - 1.5-3

- Add network-online.target and documentation to unitfile

* Sat May 26 2018 Rich Mattes - 1.5-2

- Use upstream systemd service and enable systemd notification support

(rhbz#1410654)

* Sun May 20 2018 Fabian Affolter - 1.5-2

- Update to new upstream version 1.5 (rhbz#1580115)

* Sat May 5 2018 Fabian Affolter - 1.4.15-2

- Update systemd unit file (rhbz#1564733)

[ 1 ] Bug #1660413 - CVE-2018-20145 mosquitto: Possible ACL bypass

https://bugzilla.redhat.com/show_bug.cgi?id=1660413

su -c 'dnf upgrade --advisory FEDORA-2018-5acdf115df' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory Fedora update information ACL bypass Mosquitto

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 1.5.5
Release: 1.fc28
URL: https://mosquitto.org/
Summary: An Open Source MQTT v3.1/v3.1.1 Broker

Topics%20covered

Topics Covered

security advisory Fedora update information ACL bypass Mosquitto

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here